.htaccess Password Protect Directory timer problem


I have password protected a directory on my website using the .htaccess password protection method as detailed on many tutorial websites on the internet.

It works well. However I have a couple of questions…

  1. When I first visit the password protected directory it asks me for the password but if I return to the same directory using the same browser 24 hours later it doesn’t ask me for the password again. This presents security problems if I were to visit the password protected directory on a shared community in an Internet cafe for instance. Is there a way of adding a timer or some other means of resolving this problem.

  2. I have protected the directory by placing a .htaccess password protecting file in the directory I want to protect. I also have another .htaccess file in the root directory of my website (this does not password protect anything, it just has php_value magic_quotes_gpc off command). Is it wise to have 2 .htaccess files? Wouldn’t it be better to have just one .htaccess file in the root that password protects the directory www.mysite.com/admin. I can’t figure out how to do this though.

Many thanks for your time,


  1. Did you close the browser between the first visit and the subsequent visit 24 hours later? If not, it’s the normal behavior; browsers remember HTTP Auth logins until they are closed.

  2. Not a problem. It would be a pain to manage if you had a gazillion .htaccess files everywhere, but just two .htaccess files is fine :slight_smile:

Cheers Scallio